Abstract

The functional decomposition of polynomials has been a topic of
great interest and importance in pure and computer algebra and their
applications. The structure of compositions of (suitably normalized)
polynomials $f = g \circ h$ in $\mathbb{F}_q[x]$ is well understood in many
cases, but quite poorly when the degrees of both components are divisible
by the characteristic $p$. This work investigates the decomposition
of polynomials whose degree is a power of $p$. An (equal-degree)
$i$-collision is a set of $i$ distinct pairs $(g, h)$ of polynomials, all
with the same composition and $\deg g$ the same for all $(g, h)$.
Abhyankar (1997) introduced the projective polynomials $x^n + ax + b$,
where $n$ is of the form $(r^m - 1)/(r - 1)$. Our first tool is a bijective
correspondence between $i$-collisions of certain additive trinomials,
projective polynomials with $i$ roots, and linear spaces with $i$
Frobenius-invariant lines.



Bluher (2004b) has determined the possible number of roots of
projective polynomials for m = 2, and how many polynomials there 
are with a prescribed number of roots. We generalize her first result to 
arbitrary m, and provide an alternative proof of her second result via 
elementary linear algebra. 

If one of our additive trinomials is given, we can efficiently compute 
the number of its decompositions, and similarly the number of roots 
of a projective polynomial. The runtime of these algorithms depends 
polynomially on the sparse input size, and thus on the input degree 
only logarithmically. 

For non-additive polynomials, we present certain decompositions 
and conjecture that these comprise all of the prescribed shape. 

Keywords. Univariate polynomial decomposition, additive polynomials, 
projective polynomials. 

2010 Mathematics Subject Classification. Primary 68W30; Secondary 12Y05



1 Introduction 



The composition of two polynomials $g, h \in F[x]$ over a field $F$ is denoted
as $f = g \circ h = g(h)$, and then $(g, h)$ is a decomposition of $f$. In the 1920s,
Ritt, Fatou, and Julia studied structural properties of these decompositions 
over C, using analytic methods. Particularly important are two theorems by 
Ritt on uniqueness, in a suitable sense, of decompositions, the first one for 
(many) indecomposable components and the second one for two components, 
as above. 



The theory was algebraicized by Dorey & Whaples (1974), Schinzel (1982,
2000), and others. Its use in a cryptographic context was suggested by
Cade (1985). In computer algebra, the method of Barton & Zippel (1985)
requires exponential time but works in all situations. A breakthrough result
of Kozen & Landau (1989) was their polynomial-time algorithm to compute
decompositions. One has to distinguish between the tame case, where the
characteristic $p$ does not divide $\deg g$ and this algorithm works (see
von zur Gathen (1990a)), and the wild case, where $p$ divides $\deg g$ (see
von zur Gathen (1990b)). In the wild case, considerably less is known,
mathematically and computationally. The algorithm of Zippel (1991) for
decomposing rational functions suggests that the block decompositions of
Landau & Miller (1985) (for determining subfields of algebraic number
fields) can be applied to the wild case. Giesbrecht (1998) provides fast
algorithms for the decomposition of additive (or linearized) polynomials,
in some sense an "extremely wild" case. We exploit their elegant structure
here. An enumeration of number or structure of solutions in the wild case
has defied both algebraic and computational analysis, and we attempt to
address this here. Moreover, many of the algorithms we present here are
sensitive to the sparse size of the input, as opposed to the degree, a
property not exploited in the above-mentioned papers.

The task of counting compositions over a finite field of characteristic $p$
was first considered in Giesbrecht (1988). Von zur Gathen (2009b) presents
general approximations to the number of decomposable polynomials. These
come with satisfactory (rapidly decreasing) relative error bounds except
when $p$ divides $n = \deg f$ exactly twice. The goal of the present work is
to study the easiest of these difficult cases, namely when $n = p^2$ and hence
$\deg g = \deg h = p$. However, many of our results are valid for $n = r^2$ for a
power $r$ of $p$, and are stated accordingly.

We introduce the notion of an equal-degree $i$-collision of decompositions,
which is a set of $i$ pairs $(g, h)$, all with the same composition and $\deg g$ the
same for all $(g, h)$. These are the only collisions we consider in this paper, and
we omit the adjective "equal-degree" in the text. An $i$-collision is maximal if it
is not contained in an $(i + 1)$-collision. After some preliminaries in Section 2,
we start in Section 3 with the particular case of additive polynomials. We
relate the decomposition question to one about eigenspaces of the linear
function given by the Frobenius map on the roots of $f$. This yields a complete
description of all decompositions of certain additive trinomials in terms of
the roots of the projective polynomials $x^n + ax + b$, introduced by Abhyankar
(1997), where $n$ is of the form $(r^m - 1)/(r - 1)$. We prove that maximal
$i$-collisions of additive polynomials of degree $r^2$ exist only when $i$ is 0, 1, 2 or
$r + 1$, count their numbers exactly, and show their relation to the roots of
projective polynomials for $m = 2$. In this case Bluher (2004b) has determined
the number of roots that can occur, namely 0, 1, 2, or $r + 1$, and also for
how many coefficients $(a, b)$ each case happens. We obtain elementary proofs
of a generalization of her first result to arbitrary $m$ and of her counts for
$m = 2$. From the proof we obtain a fast algorithm (polynomial in $r$ and $\log q$)
to count the number of roots over $\mathbb{F}_q$, called rational roots. More generally,
in Section 4 an algorithm is provided to enumerate the possible number of
right components of an additive polynomial of any degree. A fast algorithm
is then presented to count the number of right components of an additive
polynomial of any degree, which is shown to be equivalent to counting rational
roots of projective polynomials of arbitrary degree. We also demonstrate
theorems and fast algorithms to count and construct indecomposable additive
polynomials of prescribed degree. In Section 5 we actually construct and
enumerate all additive polynomials of degree $r^2$ with 0, 1, 2, or $r + 1$ collisions
and establish connections to the counts of Bluher (2004b) and von zur Gathen
(2009a).

In Section 6 we move from additive to general polynomials. Certain
$(r + 1)$-collisions are derived from appropriate roots of projective polynomials.
We conjecture that these are all possibilities and present results on general
$i$-collisions with $i > 2$ for $r = p$ that support our conjecture.



2 The basic setup 



We consider polynomials $f, g, h \in \mathbb{F}_q[x]$ over a finite field $\mathbb{F}_q$ of
characteristic $p$. Then $f = g \circ h = g(h)$ is the composition of $g$ and $h$,
$(g, h)$ is a decomposition of $f$, and $g$ and $h$ are a left and right component,
respectively, of $f$. Furthermore, $f$ is decomposable if such $(g, h)$ exist with
$\deg g, \deg h \geq 2$, and indecomposable otherwise.

We call $f$ original if its graph passes through the origin, that is, if $f(0) = 0$.
Composition with linear polynomials introduces inessential ambiguities in
decompositions. If $f = g \circ h$, $a \in \mathbb{F}_q^\times$, and $b \in \mathbb{F}_q$, then
$af + b = (ag + b) \circ h$. Thus we may assume $f$ to be monic original.
Furthermore, if $a = \mathrm{lc}(h)^{-1}$ and $b = -a h(0)$, then
$f = g \circ h = g((x - b)a^{-1}) \circ (ah + b)$ and the right component
is monic original. Thus we may also assume $h$ to be monic original, and then
$g$ is so automatically. We thus consider the following two sets:

$$P_n(\mathbb{F}_q) = \{ f \in \mathbb{F}_q[x] : f \text{ is monic and original of degree } n \},$$
$$D_n(\mathbb{F}_q) = \{ f \in P_n(\mathbb{F}_q) : f \text{ is decomposable} \}.$$

We usually leave out the argument $\mathbb{F}_q$. The size of the first set is
$\# P_n = q^{n-1}$, and determining (exactly or approximately) $\# D_n$ is one of the
goals in this business. The number of all or all decomposable polynomials of
degree $n$, not restricted to $P_n$, is $\# P_n$ or $\# D_n$, respectively, multiplied
by $q(q - 1)$.

First, we consider the additive or linearized polynomials, which have
a mathematically rich and highly useful structure in finite fields. First
introduced in Ore (1933), they play an important role in the theory of finite
and function fields, and they have found many applications in codes and
cryptography. See Lidl & Niederreiter (1983), Chapter 3, for an introduction
and survey over finite fields.



We will focus on additive polynomials over finite fields, though some of
these results will hold more generally in characteristic $p$. For convenience we
assume that $r$ is a power of $p$ and $q = r^d$ for some $d \in \mathbb{Z}_{>0}$. Let

$$\mathbb{F}_q[x; r] = \Bigl\{ \sum_{0 \le i \le n} a_i x^{r^i} : n \in \mathbb{Z}_{\ge 0},\ a_0, \dots, a_n \in \mathbb{F}_q \Bigr\}$$

be the ring of $r$-additive (or linearized, or simply additive) polynomials over
$\mathbb{F}_q$. These are the polynomials such that
$f(\alpha a + \beta b) = \alpha f(a) + \beta f(b)$ for any $\alpha, \beta \in \mathbb{F}_r$,
and for any $a, b \in \overline{\mathbb{F}}_q$, where $\overline{\mathbb{F}}_q$ is an algebraic
closure of $\mathbb{F}_q$. The additive polynomials form a (non-commutative) ring under
the usual addition and composition. It is a principal left (and right) ideal
ring with a left (and right) Euclidean algorithm.

An additive polynomial is squarefree if $f'$ (the derivative of $f$) is nonzero,
meaning that the linear coefficient of $f$ is nonzero. If $f \in \mathbb{F}_q[x; r]$ is
squarefree of degree $r^n$, then the set of all roots of $f$ form an
$\mathbb{F}_r$-vector space in $\overline{\mathbb{F}}_q$ of dimension $n$. Conversely, for any
finite dimensional $\mathbb{F}_r$-vector space $W \subseteq \overline{\mathbb{F}}_q$,
the lowest degree polynomial $f = \prod_{a \in W} (x - a) \in \overline{\mathbb{F}}_q[x]$
with $W$ as its roots is a squarefree $r$-additive polynomial. Let $\sigma_q$ denote
the $q$th power Frobenius automorphism on $\overline{\mathbb{F}}_q$ over $\mathbb{F}_q$.
If $W$ is invariant under $\sigma_q$, then $f \in \mathbb{F}_q[x; r]$.

We have

$$x^p \circ h = \sigma_p(h) \circ x^p$$

for $h \in \mathbb{F}_q[x]$, where $\sigma_p$ is the Frobenius automorphism on $\mathbb{F}_q$ over
$\mathbb{F}_p$, which extends to polynomials coefficientwise. If $\deg h = p$ and
$h \neq x^p$, this is a 2-collision and called a Frobenius collision. It is never
part of $i$-collisions with $i \geq 3$.

Lemma 2.1. Let $S \in \mathbb{F}_r^{n \times n}$ be the matrix representing the Frobenius
$\sigma_q$. There is a bijection between $S$-invariant subspaces of
$\mathbb{F}_r^{n \times 1}$ and right components $h \in \mathbb{F}_q[x; r]$ of $f$.

Proof. Assume that $f \in \mathbb{F}_q[x; r]$ is squarefree of degree $r^n$. Let
$\nu_1, \dots, \nu_n \in \overline{\mathbb{F}}_q$ form an $\mathbb{F}_r$-basis for $V_f$, and identify
$a = \sum_{1 \le i \le n} \alpha_i \nu_i \in V_f$ with
$\alpha = (\alpha_1, \dots, \alpha_n) \in \mathbb{F}_r^n$. Each $\mathbb{F}_r$-subspace $W$ of $V_f$
corresponds to an additive right component $h$ of $f$ which has $W$ as its set of
roots. It is relatively straightforward to derive that all components of an
additive polynomial are again additive (Giesbrecht, 1988, Theorem 3.3).
Finally, we have $h \in \mathbb{F}_q[x; r]$ if and only if $W$ is invariant under $\sigma_q$.

Generally, if / G Fg[x; r] is not squarefree, we can write it as / = gox'' for 
a squarefree g G Fg[x; r], and then f = x^ o h for some squarefree h G Fg[a;; r] 



(see Giesbrecht (1988), Sections 3-4). □



We present two related approaches to investigate $f \in \mathbb{F}_q[x; r]$ of degree $r^2$.
The first, working with normal forms of the Frobenius operator on the space
of roots of $f$, gives a straightforward classification of the number of possible
decompositions, though provides less insight into how many polynomials
fall into each class. The second uses more structural information about the
ring of additive polynomials and provides complete information on both the
number of decompositions and the number of polynomials with each type of
decomposition.

We can easily classify all possible collisions in the non-squarefree case at
degree $r^2$ as follows.



Lemma 2.2. Let $f = x^{r^2} + a x^r \in \mathbb{F}_q[x; r]$ for $a \in \mathbb{F}_q$. Then $f$ has a
2-collision if $a \neq 0$ and a unique decomposition if $a = 0$.

Closely related to decompositions are the following objects. Let $r$ be
a power of $p$ and $m \geq 2$. Abhyankar (1997) introduced the projective
polynomials

$$\Psi_m^{(a,b)} = x^{(r^m - 1)/(r - 1)} + ax + b$$

which have, over appropriate fields, nice Galois groups such as general linear
or projective general linear groups. We assume $q$ to be a power of $r$, and have
for $m = 2$

$$\Psi_2^{(a,b)} = x^{r+1} + ax + b \qquad (2.3)$$

with $a, b \in \mathbb{F}_q$.

In the case $ab \neq 0$, Bluher (2004b) has proven an amazingly precise
result about the number of nonzero roots of (2.3). Namely, this number is
0, 1, 2, or $r + 1$, and she has exactly determined the number of parameters
$(a, b)$ for which each of the four possibilities occurs. In the case $a = 0$, the
corresponding number is given in von zur Gathen (2008), Lemma 5.9.

Projective polynomials appear naturally in many situations. Bluher
(2004a) used them to construct strong Davenport pairs explicitly and Dillon
(2002) to build families of difference sets with certain Singer parameters.
Bluher (2003) proved the equivalence of two such difference sets, using again
projective polynomials, and they played a central role in tackling the question
of when a quartic power series over $\mathbb{F}_q$ is actually hyperquadratic (Bluher &
Lasjaunias 2006).



Helleseth, Kholosha & Johanssen (2008) used projective polynomials to 
find m-sequences of length 2^'^ - 1 and 2'^ - 1. Helleseth & Kholosha (2010)
studied projective polynomials further, providing criteria for the number of
zeros in a field of characteristic 2, not assuming $q$ to be a power of $r$. Zeng, Li
& Hu (2008) applied the techniques of Bluher (2004b) to study the roots of
^p" yp" +1 _|_ ^y _|_ ^ with ^7 7^ to define a class of p-ary codes C, where 
p is an odd prime, and completely determine their weight distribution. 

3 Additive and projective polynomials 

We assume that $q = r^d$ and $r$ is a power of the characteristic $p$ of $\mathbb{F}_q$. In this
section we establish a general connection between decompositions of certain
additive polynomials and roots of projective polynomials, and characterize
the possible numbers of rational roots of the latter.

Lemma 3.1. Let $m \geq 1$, $f = x^{r^m} + a x^r + bx$ and $h = x^r - h_0 x$ be in
$\mathbb{F}_q[x; r]$ with $a, b, h_0 \in \mathbb{F}_q$. Then $f = g \circ h$ for some $g \in \mathbb{F}_q[x; r]$ if and only if



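Proof. For $b = 0$ the claim follows from Lemma 2.2 and it is readily checked
for $m = 1$. Now we assume $b \neq 0$, $m \geq 2$, and consider
$g_0, \dots, g_{m-2} \in \mathbb{F}_q$ satisfying

$$f = x^{r^m} + a x^r + bx = \bigl(x^{r^{m-1}} + g_{m-2} x^{r^{m-2}} + \cdots + g_1 x^r + g_0 x\bigr) \circ (x^r - h_0 x).$$

Equating coefficients yields

$$h_0^{r^{m-1}} = g_{m-2},$$
$$g_{i-1} = g_i h_0^{r^i}, \quad \text{for } 2 \le i \le m - 2,$$
$$a = g_0 - g_1 h_0^{r},$$
$$b = -g_0 h_0.$$

Thus $h_0 \neq 0$ and

$$g_i = h_0^{r^{i+1} + r^{i+2} + \cdots + r^{m-1}} \quad \text{for } 1 \le i \le m - 2,$$
$$g_0 = h_0^{r + r^2 + \cdots + r^{m-1}} + a = -b/h_0. \qquad (3.2)$$

Multiplying through by $h_0$ concludes the proof. □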



This lemma and Lemma 2.1 are the building blocks for the powerful
equivalences summarized as follows.

Proposition 3.3. Let $r$ be a power of $p$, $m \geq 2$, $a, b \in \mathbb{F}_q$ and
$f = x^{r^m} + a x^r + bx$. There is a one-to-one correspondence between any two
of the following sets.

• right components of $f$ with degree $r$,

• roots of $\Psi_m^{(a,b)}$,

• $\sigma_q$-invariant linear subspaces of $V_f$ with dimension 1.
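
The $m = 2$ case of this correspondence can be checked exhaustively over a small field. The Python sketch below is an added example, not code from the paper: for every $(a, b) \in \mathbb{F}_q^2$ it compares the rational roots of $x^{r+1} + ax + b$ with the $h_0$ for which $x^r - h_0 x$ is a right component of $x^{r^2} + a x^r + bx$ (found by composing additive polynomials directly), and tabulates how often each root count occurs. It assumes $q = r^2$ with $r$ an odd prime; the names `Fq2`, `compose`, `psi_roots`, `right_components`, `survey` and `page_counts` are illustrative.

```python
from collections import Counter


class Fq2:
    """F_q with q = r^2 (r an odd prime) as F_r[t]/(t^2 - n), n a non-square mod r.
    An element u + v*t is stored as the pair (u, v)."""

    def __init__(self, r):
        squares = {x * x % r for x in range(r)}
        self.r, self.q = r, r * r
        self.n = next(c for c in range(2, r) if c not in squares)
        self.zero, self.one = (0, 0), (1, 0)
        self.elems = [(u, v) for u in range(r) for v in range(r)]

    def add(self, x, y):
        return ((x[0] + y[0]) % self.r, (x[1] + y[1]) % self.r)

    def neg(self, x):
        return (-x[0] % self.r, -x[1] % self.r)

    def mul(self, x, y):
        # (u1 + v1 t)(u2 + v2 t) reduced with t^2 = n
        return ((x[0] * y[0] + self.n * x[1] * y[1]) % self.r,
                (x[0] * y[1] + x[1] * y[0]) % self.r)

    def pow(self, x, e):
        result = self.one
        while e:
            if e & 1:
                result = self.mul(result, x)
            x = self.mul(x, x)
            e >>= 1
        return result


def compose(F, g, h):
    """Compose r-additive polynomials given as coefficient lists [c_0, c_1, ...]
    for sum c_i x^(r^i). Because x -> x^r is additive,
    g o h = sum_{i,j} g_i * h_j^(r^i) * x^(r^(i+j))."""
    out = [F.zero] * (len(g) + len(h) - 1)
    for i, gi in enumerate(g):
        for j, hj in enumerate(h):
            term = F.mul(gi, F.pow(hj, F.r ** i))
            out[i + j] = F.add(out[i + j], term)
    return out


def psi_roots(F, a, b):
    """Rational roots of the projective polynomial x^(r+1) + a x + b, eq. (2.3)."""
    def psi(x):
        return F.add(F.add(F.pow(x, F.r + 1), F.mul(a, x)), b)
    return [x for x in F.elems if psi(x) == F.zero]


def right_components(F, a, b):
    """All h0 such that x^r - h0 x is a right component of
    f = x^(r^2) + a x^r + b x, found by trying every left factor x^r + g0 x."""
    f = [b, a, F.one]
    return [h0 for h0 in F.elems
            if any(compose(F, [g0, F.one], [F.neg(h0), F.one]) == f
                   for g0 in F.elems)]


def survey(r, check_components=True):
    """Histogram {number of roots: number of pairs (a, b)} over F_q^2, q = r^2.
    Returns (histogram, agree); agree stays True when roots and right components
    coincide for every (a, b) (only evaluated if check_components is set)."""
    F = Fq2(r)
    hist, agree = Counter(), True
    for a in F.elems:
        for b in F.elems:
            roots = psi_roots(F, a, b)
            hist[len(roots)] += 1
            if check_components and roots != right_components(F, a, b):
                agree = False
    return dict(hist), agree


def page_counts(r):
    """c_0 and c_{r+1} as stated in Theorem 5.2, specialised to q = r^2."""
    q = r * r
    return {0: r * (q * q - 1) // (2 * (r + 1)),
            r + 1: (q - 1) * (q - r) // (r * (r * r - 1))}


if __name__ == "__main__":
    hist, agree = survey(3)
    print("root-count histogram over F_9:", sorted(hist.items()))
    print("roots == right components for all (a, b):", agree)
    print("Theorem 5.2, c_0 and c_(r+1):", page_counts(3))
```

Only the root counts 0, 1, 2 and $r + 1$ appear, and the frequencies of 0 and $r + 1$ match the closed forms of Theorem 5.2 further down the page.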

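More generally, assume that $f \in \mathbb{F}_q[x; r]$ is any additive polynomial of
degree $r^n$. We now list the possible numbers of right components in $\mathbb{F}_q[x; r]$.
A rational Jordan form has the shape

$$S = \mathrm{diag}\bigl(J_{\alpha_1}^{(e_{11})}, \dots, J_{\alpha_1}^{(e_{1k_1})}, \dots, J_{\alpha_\ell}^{(e_{\ell 1})}, \dots, J_{\alpha_\ell}^{(e_{\ell k_\ell})}\bigr),$$

where

$$J_{\alpha_i}^{(e_{ij})} = \begin{pmatrix} C_{\alpha_i} & I_{s_i} & & 0 \\ & C_{\alpha_i} & \ddots & \\ & & \ddots & I_{s_i} \\ 0 & & & C_{\alpha_i} \end{pmatrix} \in \mathbb{F}_r^{e_{ij} s_i \times e_{ij} s_i} \qquad (3.4)$$

and $\alpha_1, \dots, \alpha_\ell \in \overline{\mathbb{F}}_r$ are the distinct non-conjugate roots of the
characteristic polynomial of $S$ (i.e., eigenvalues), $C_{\alpha_i} \in \mathbb{F}_r^{s_i \times s_i}$ is the
companion matrix of $\alpha_i$ (assuming $[\mathbb{F}_r[\alpha_i] : \mathbb{F}_r] = s_i$) and $I_{s_i}$ is the
$s_i \times s_i$ identity matrix.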



Following the proof of Lemma 2.1, let $V_f$ be the $\mathbb{F}_r$-vector space of roots,
and $S \in \mathbb{F}_r^{n \times n}$ the matrix representation of the Frobenius operation
$\sigma_q$ on $V_f$.

Proposition 3.5 (see, e.g. Giesbrecht (1995)). Every matrix in $\mathbb{F}_r^{n \times n}$ is
similar to one in rational Jordan form, and the number and multiplicity of
eigenvectors is preserved by this transformation.

Thus, we may assume $S$ to be of the form described in (3.4). Since we
are only interested here in $\sigma_q$-invariant subspaces of dimension 1, we ignore
for now all $\alpha_i$ which are not in $\mathbb{F}_r$. The number of $A$-invariant lines
(one-dimensional subspaces invariant under $A$) is described as follows.

Theorem 3.6. If $A \in \mathbb{F}_r^{n \times n}$ has rational Jordan normal form as in (3.4),
then the number of $A$-invariant lines in $\mathbb{F}_r^{n \times 1}$ is

$$\sum_{1 \le i \le \ell,\ \alpha_i \in \mathbb{F}_r} \frac{r^{k_i} - 1}{r - 1}.$$

Proof. For each eigenvalue $\alpha_i \in \mathbb{F}_r$ ($1 \le i \le \ell$) of $A$, the rational Jordan
block $J_{\alpha_i}$ has an eigenspace of dimension one. The entire eigenspace of $A$
associated with $\alpha_i$ has dimension $k_i$, and hence contains $(r^{k_i} - 1)/(r - 1)$ lines.
Since no line is associated with two distinct eigenvalues, we simply add the
number of lines associated with each eigenvalue in $\mathbb{F}_r$. □

For example, in $\mathbb{F}_r^{3 \times 3}$ we can list all matrix classes and the number of
1-dimensional invariant subspaces as follows:

[Table of the rational Jordan forms of $3 \times 3$ matrices with eigenvalues
$\alpha_1, \alpha_2, \alpha_3$; the layout was lost in extraction. Surviving counts:
$r^2 + r + 1$, $r + 1$.]

where the number of 1-dimensional invariant subspaces is listed beneath each
matrix. Empty boxes indicate companion blocks associated with eigenvalues
not in $\mathbb{F}_r$.

For a positive integer $m$, let $\Pi_m$ be the set of partitions $\pi = (s_1, \dots, s_k)$
with positive integers $s_j$ and $s_1 + \cdots + s_k = m$,
$\varphi_{r,m} = (r^m - 1)/(r - 1)$, for any $\pi \in \Pi_m$ let
$\varphi_r(\pi) = \varphi_{r,s_1} + \varphi_{r,s_2} + \cdots + \varphi_{r,s_k}$, and
$\varphi_r(\Pi_m) = \{\varphi_r(\pi) : \pi \in \Pi_m\}$.

Theorem 3.7. We consider the set

$$S_{q,r,m} = \{ i \in \mathbb{N} : \exists f \in \mathbb{F}_q[x; r],\ \deg f = r^m,\ f \text{ is a maximal } i\text{-collision} \}$$

of maximal collision sizes for additive polynomials. Then

$S_0 = \{0\}$,

As examples, we have

$S_0 = \{0\}$,

$S_1 = S_0 \cup \{\varphi_r(1)\} = \{0, 1\}$,

$S_2 = S_1 \cup \{\varphi_r(1,1), \varphi_r(2)\} = \{0, 1, 2, r + 1\}$, (consistent with Bluher (2004b))

$S_3 = S_2 \cup \{\varphi_r(3), \varphi_r(2) + 1, 3\}$,

$S_4 = S_3 \cup \{\varphi_r(4), \varphi_r(3) + 1, 2\varphi_r(2), \varphi_r(2) + 2, 4\}$,

$S_5 = S_4 \cup \{\varphi_r(5), \varphi_r(4) + 1, \varphi_r(3) + \varphi_r(2), \varphi_r(3) + 2, 2\varphi_r(2) + 1, \varphi_r(2) + 3, 5\}$,

$S_6 = S_5 \cup \{\varphi_r(6), \varphi_r(5) + 1, \varphi_r(4) + \varphi_r(2), \varphi_r(4) + 2, 2\varphi_r(3), \varphi_r(3) + \varphi_r(2) + 1, \varphi_r(3) + 3, 3\varphi_r(2), 2\varphi_r(2) + 2, \varphi_r(2) + 5, 6\}$.

The size of $S_m$ equals $\sum_{0 \le k \le m} p(k)$, where $p(k)$ is the number of additive
partitions of $k$. This grows exponentially in $m$ (Hardy & Ramanujan, 1918)
but is still surprisingly small considering the generality of the polynomials
involved.



Corollary 3.8. Let $r$ be a power of $p$, $m > 0$, $a, b \in \mathbb{F}_q$ and
$f = x^{r^m} + a x^r + bx$.
(i) The possible number of roots of $\Psi_m^{(a,b)}$ is $S_m$.
(ii) The possible number of $\sigma_q$-invariant linear subspaces of $V_f$ of dimension
1 is $S_m$.

We investigate the general result of Theorem 3.7 in the case $m = 2$
further. This leads to an exact determination, for each $i$, of how often
$i$-collisions occur; see Corollary 5.9. Assume that $f \in \mathbb{F}_q[x; r]$ is squarefree,
with root space $V_f$. Again let $\sigma_q$ be the Frobenius automorphism fixing $\mathbb{F}_q$,
and $S \in \mathbb{F}_r^{2 \times 2}$ its representation with respect to some fixed basis. The number
of one-dimensional subspaces of $V_f$ invariant under $\sigma_q$ is equal to the number
of nonzero vectors $w \in \mathbb{F}_r^{2 \times 1}$ such that $Sw = \lambda w$ for some $\lambda \in \mathbb{F}_r$, that is,
the number of eigenvalues of $S$. Each such $w$ generates a one-dimensional
$\sigma_q$-invariant subspace, and each such subspace is generated by $r - 1$ such $w$.
Thus, the number of distinct $\sigma_q$-invariant subspaces of dimension one, and
hence the number of right components in $\mathbb{F}_q[x; r]$ of degree $r$, is equal to the
number of eigenvectors of $S$ in $\mathbb{F}_r^{2 \times 1}$, divided by $r - 1$.

We now classify $\sigma_q$ according to the possible matrix similarity classes
of $S$, as captured by its rational canonical form, and count the number
of eigenvectors and components in each case. Note that the number of
eigenvectors of $S$ equals the number of eigenvectors of $T$ when $S$ is a similar
matrix to $T$ ($S \sim T$).

Theorem 3.9. Let $f \in \mathbb{F}_q[x; r]$ be squarefree of degree $r^2$. Suppose the
Frobenius automorphism $\sigma_q$ is represented by $S \in \mathbb{F}_r^{2 \times 2}$, and
$\Lambda \in \mathbb{F}_r[z]$ is the minimal polynomial of the matrix $S$. Then one of the
following holds:

Case 0: $S \sim \begin{pmatrix} 0 & \delta \\ 1 & \gamma \end{pmatrix}$, and
$\Lambda = z^2 - \gamma z - \delta \in \mathbb{F}_r[z]$ is irreducible, and $f$ is
indecomposable.

Case 1: $S \sim \begin{pmatrix} \gamma & 1 \\ 0 & \gamma \end{pmatrix} \in \mathbb{F}_r^{2 \times 2}$
with $\gamma \neq 0$, and $\Lambda = (z - \gamma)^2$, and $f$ has a
unique right component of degree $r$.

Case 2: $S \sim \begin{pmatrix} \gamma & 0 \\ 0 & \delta \end{pmatrix} \in \mathbb{F}_r^{2 \times 2}$
for $\gamma \neq \delta$ with $\gamma\delta \neq 0$, when $\Lambda = (z - \gamma)(z - \delta)$,
and $f$ has a 2-collision.

Case r+1: $S = \begin{pmatrix} \gamma & 0 \\ 0 & \gamma \end{pmatrix} \in \mathbb{F}_r^{2 \times 2}$,
for $\gamma \neq 0$, and $f$ has an $(r + 1)$-collision.

Proof.

Case 0: $S$ represents multiplication by $z$ in the finite field $E = \mathbb{F}_r[z]/(\Lambda)$.
However, there is no $a \in E^\times$ such that $za = \lambda a$ for $\lambda \in \mathbb{F}_r$, so there are
no eigenvectors, and hence no right components of degree $r$.

Case 1: Nonzero vectors of the form $(\alpha, 0) \in \mathbb{F}_r^2$ are eigenvectors, and there
are $r - 1$ of these. Thus $f$ has $(r - 1)/(r - 1) = 1$ right components in
$\mathbb{F}_q[x; r]$ of degree $r$.

Case 2: Nonzero vectors of the form $(\alpha, 0) \in \mathbb{F}_r^2$ and $(0, \beta) \in \mathbb{F}_r^2$ are
eigenvectors, and there are $2(r - 1)$ of these. Thus $f$ has $2(r - 1)/(r - 1) = 2$
right composition components in $\mathbb{F}_q[x; r]$ of degree $r$.

Case r+1: Every nonzero element of $\mathbb{F}_r^2$ is an eigenvector, and hence there
are $r^2 - 1$ of them, so $f$ has $(r^2 - 1)/(r - 1) = r + 1$ right components
in $\mathbb{F}_q[x; r]$ of degree $r$. □

4 Algorithms for additive polynomials



Given $f \in \mathbb{F}_q[x; r]$ of degree $r^2$, using the techniques of Section 3, combined
with basic algorithms from Giesbrecht (1998), we can quickly determine the
number of collisions for $f$.

The centre of $\mathbb{F}_q[x; r]$ will be a useful tool in understanding its structure,
and is easily shown to be equal to

$$\mathbb{F}_r[x; q] = \Bigl\{ \sum_{0 \le i \le \kappa} a_i x^{q^i} : \kappa \in \mathbb{N},\ a_0, \dots, a_\kappa \in \mathbb{F}_r \Bigr\} \subseteq \mathbb{F}_q[x; r]$$

(see, e.g., Giesbrecht (1998)). This is isomorphic to the ring $\mathbb{F}_r[y]$ of
polynomials under the usual addition and multiplication, via the isomorphism

$$f = \sum_{0 \le i \le \kappa} a_i x^{q^i} \mapsto \tau(f) = \sum_{0 \le i \le \kappa} a_i y^i$$

(see Lidl & Niederreiter (1983), Section 3.4). $\mathbb{F}_r[y]$ has the important property
of being a commutative unique factorization domain. Every element
$f \in \mathbb{F}_q[x; r]$ has a unique minimal central left composition (mclc)
$f^* \in \mathbb{F}_r[x; q]$, the nonzero monic polynomial in $\mathbb{F}_r[x; q]$ of minimal degree
such that $f^* = g \circ f$ for some $g \in \mathbb{F}_q[x; r]$. Given $\nu \in \overline{\mathbb{F}}_q$, we say
that $\nu$ belongs to $f \in \mathbb{F}_q[x; r]$ if $f$ is the nonzero polynomial in
$\mathbb{F}_q[x; r]$ of lowest degree of which $\nu$ is a root.

Fact 4.1 (Giesbrecht, 1998). Let $p$ be a prime, $r$ a power of $p$ and $q = r^d$.
For f G ¥q[x] r] of degree r"', we can find the minimal central left composition 
f* G ¥r[x; q] with 0{n^m^) operations in F^. 

The following key theorem shows the close relationship between the
minimal central left composition and the minimal polynomial of the Frobenius
automorphism.

Theorem 4.2. Let $f \in \mathbb{F}_q[x; r]$ be squarefree of degree $r^n$ with roots
$V_f \subseteq \overline{\mathbb{F}}_q$. Fix an $\mathbb{F}_r$-basis $B = (\nu_1, \dots, \nu_n) \in \overline{\mathbb{F}}_q^n$
for $V_f$, so that $V_f \cong \mathbb{F}_r^{n \times 1}$. Let $S \in \mathbb{F}_r^{n \times n}$
represent the action of the Frobenius automorphism $\sigma_q$ on $V_f$ with respect
to $B$. Then the image $\tau(f^*) \in \mathbb{F}_r[y]$ of the minimal central left composition
$f^* \in \mathbb{F}_r[x; q]$ of $f$ is equal to the minimal polynomial $\Lambda \in \mathbb{F}_r[x]$ of the
matrix $S$.

Proof. First, suppose $\Lambda = \sum_{0 \le i \le m} \Lambda_i x^i \in \mathbb{F}_r[x]$ is the minimal
polynomial of $S$. Then for all $u = (u_1, \dots, u_n)^T \in \mathbb{F}_r^{n \times 1}$,
$0 = \Lambda(S)u = \sum_{0 \le i \le m} \Lambda_i S^i u$. Equivalently, if
$L = \tau^{-1}(\Lambda) = \sum_{0 \le i \le m} \Lambda_i x^{q^i} \in \mathbb{F}_r[x; q]$ and
$u = \sum_{1 \le i \le n} u_i \nu_i \in V_f$, then $L(u) = \sum_{0 \le i \le m} \Lambda_i \sigma_q^i(u) = 0$,
and this holds for all $u \in V_f$. Thus $L$ is a (central) left composition of $f$,
and hence $\tau(f^*) \mid \Lambda$, since $f^*$ has minimal degree (and $\mathbb{F}_r[x]$ is a
principal ideal domain).

Conversely, suppose $g^* = \sum_{0 \le i \le d} g^*_i x^{q^i} \in \mathbb{F}_r[x; q]$ is any central
composition of $f$. So for all $w = \sum_{1 \le i \le n} w_i \nu_i \in V_f$, $g^*(w) = 0$, and
$\sum_{0 \le i \le d} g^*_i S^i \vec{w} = 0$, where $\vec{w} = (w_1, \dots, w_n)^T \in \mathbb{F}_r^{n \times 1}$,
or equivalently $\tau(g^*)(S) = 0$. Thus $\Lambda$ divides $\tau(g^*)$, and hence
$\Lambda \mid \tau(f^*)$. □

We now present our algorithm to count collisions of polynomials in ¥q[x] r] 
of degree r^. 

Algorithm: CollisionCounting

Input: $f \in \mathbb{F}_q[x; r]$ of degree $r^2$, where $q = r^d$

Output: The number of collisions in decompositions of $f$

(1) If $f'(0) = 0$ Then
(2)     If $f = x^{r^2}$ Then Return 1
(3)     Else Return 2
    Else
(4)     $f^* \leftarrow \mathrm{mclc}(f) \in \mathbb{F}_r[x; q]$
(5)     If $\deg f^* = q$ Then Return $r + 1$
(6)     Factor $\tau(f^*) \in \mathbb{F}_r[y]$ over $\mathbb{F}_r[y]$
(7)     If $\tau(f^*) \in \mathbb{F}_r[y]$ is irreducible Then Return 0
(8)     If $\tau(f^*) = (y - a)^2$ for some $a \in \mathbb{F}_r$ Then Return 1
(9)     Return 2

The proof of the following is straightforward, using either the factoring
methods in $\mathbb{F}_r[y]$ from Cantor & Zassenhaus (1981) (probabilistic) or Ronyai
(1992) (deterministic, assuming the ERH).



Theorem 4.3. The algorithm CollisionCounting works as specified and 
requires an expected number of 0{d^) logr operations in F^ using a randomized 
algorithm, or d^'^^^ logr operations with a deterministic algorithm (assuming 
the ERH). 

We note that the algorithm CollisionCounting also allows us to count
the number of rational roots of the projective polynomial $x^{r+1} + ax + b$. This
is equal to the number of collisions of $x^{r^2} + a x^r + bx$, by Proposition 3.3.

For the remainder of this section we look at the problem of counting the
number of irreducible right components of degree $r$ of any additive polynomial
$f \in \mathbb{F}_q[x; r]$ of degree $r^n$. The algorithm will run in time polynomial in $n$ and
$\log q$. This will also yield a fast algorithm to compute the number of rational
roots of a projective polynomial $\Psi_n^{(a,b)} \in \mathbb{F}_q[x]$.

The approach is to compute explicitly the Jordan form of the Frobenius
operator $\sigma_q$ acting on the roots of $f$, as in (3.4). We show how to do this
quickly, despite the fact that the actual roots of $f$ may lie in an extension of
exponential degree over $\mathbb{F}_q$.

Algorithm: FindJordan

Input: $f \in \mathbb{F}_q[x; r]$ monic squarefree of degree $r^n$, where $r$ is a prime
    power
Output: Rational Jordan form $S \in \mathbb{F}_r^{n \times n}$ of the Frobenius automorphism
    $\sigma_q(a) = a^q$ (for $a \in \overline{\mathbb{F}}_q$) on $V_f$, as in (3.4)

(1) Compute $f^* \leftarrow \mathrm{mclc}(f) \in \mathbb{F}_r[x; q]$
(2) Factor $\tau(f^*) \leftarrow u_1^{\omega_1} u_2^{\omega_2} \cdots u_\ell^{\omega_\ell} \in \mathbb{F}_r[y]$, where the $u_i \in \mathbb{F}_r[y]$ are monic
    irreducible and pairwise distinct, and $\deg u_i = s_i$ for $1 \le i \le \ell$
(3) For $i$ from 1 to $\ell$ do
(4)     For $j$ from 1 to $\omega_i$ do
(5)         $h_{ij} \leftarrow \mathrm{gcrc}(\tau^{-1}(u_i^j), f)$
(6)         $\xi_{ij} \leftarrow (\log_r \deg h_{ij})/s_i$ (i.e., $\deg h_{ij} = r^{s_i \xi_{ij}}$)
(7)     For $j$ from 1 to $\omega_i - 1$ do
(8)         $\delta_{ij} \leftarrow \xi_{ij} - \xi_{i,j+1}$
(9)     $\delta_{i\omega_i} \leftarrow \xi_{i\omega_i}$
(10)    ki ^ 6i
(11)    $(e_{i1}, \dots, e_{ik_i}) \leftarrow (1, \dots, 1, 2, \dots, 2, \dots, \omega_i, \dots, \omega_i)$, with $\delta_{i1}$ entries 1, $\delta_{i2}$ entries 2, ..., $\delta_{i\omega_i}$ entries $\omega_i$
(12) Return $S = \mathrm{diag}\bigl(J_{\alpha_1}^{(e_{11})}, \dots, J_{\alpha_1}^{(e_{1k_1})}, \dots, J_{\alpha_\ell}^{(e_{\ell 1})}, \dots, J_{\alpha_\ell}^{(e_{\ell k_\ell})}\bigr)$

Theorem 4.4. The algorithm FindJordan works as specified. It requires an
expected number of operations in $\mathbb{F}_q$ which is polynomial in $n$ and $\log r$ (Las
Vegas).

Proof. Note that the notation in the algorithm corresponds directly to that
of the rational Jordan form (3.4). In Step 1, we know from Theorem 4.2
that $f^*$ is the minimal polynomial of $S$. Therefore all rational Jordan blocks
correspond to factors of $f^*$ (determined in Step 2) and we only need to figure
out their multiplicities.

For a particular $i$, we know by Giesbrecht (1998), Theorem 4.4, that all
indecomposable components of $h_{ij}$ in $\mathbb{F}_q[x; r]$ have degree $s_i$. Thus
$\deg h_{ij} = r^{s_i \xi_{ij}}$ for an integer $\xi_{ij}$. As $j$ goes from 1 to $\omega_i$, we determine the
number of eigenvalues with multiplicity 1 or more ($\xi_{i1}$), 2 or more ($\xi_{i2}$), etc.
In Step 8, $\delta_{ij}$ is then the number of Jordan blocks of $u_i$ of multiplicity exactly
$j$. Doing this for all eigenvalues and all possible multiplicities yields the final
form in Step 10.

That the algorithm runs in polynomial time follows directly from the fact
that gcrc requires polynomial time (see Giesbrecht, 1998), and the factoring
in Step (2) requires polynomial time, say by Cantor & Zassenhaus (1981). □

Now given an $f \in \mathbb{F}_q[x; r]$ we can quickly compute the rational Jordan
form of the Frobenius automorphism on its root space. Computing the
number of degree $r$ factors (or indeed, the number of irreducible factors of
any degree) is easy, following the same method as in Section 3.

Theorem 4.5. If the Frobenius automorphism of the root space of an
$f \in \mathbb{F}_q[x; r]$ has rational Jordan form in the notation of Algorithm FindJordan
where



^ = diag(j^f,...,j:fS...,J, 
,,eifcj ^ (1,...,1,2, 



en T" 

an 1 ■ ■ ■ 1 'Ja 



[en 



,2,, 



,Wi 



h^ 



for $1 \le i \le \ell$, then the number of indecomposable right components of degree
$r$ is



i:Si = l l<j<a;.i 



/pj 



r 



Thus, the number of right components of degree $r$ of an additive polynomial
of degree $r^n$ can be computed in time polynomial in $n$ and $\log q$. Following
Lemma 3.1 we can also determine the number of roots in $\mathbb{F}_q$ of a projective
polynomial $\Psi_n^{(a,b)} \in \mathbb{F}_q[x]$ in time polynomial in $n$ and $\log q$.

5 Projective polynomials and roots

We now look to actually construct and enumerate all the polynomials in each
case 0, 1, 2, $r + 1$ as in Theorem 3.9. For this, it is useful to recall a little
more about the ring $\mathbb{F}_q[x; r]$. The following facts are from Ore (1933).

Fact 5.1. Let $f, g \in \mathbb{F}_q[x; r]$.

(i) There exists a unique monic $h \in \mathbb{F}_q[x; r]$ of maximal degree, and
$u, v \in \mathbb{F}_q[x; r]$, such that $f = u \circ h$ and $g = v \circ h$, called the greatest common
right component (gcrc) of $f$ and $g$. Also, $h = \mathrm{gcrc}(f, g) = \gcd(f, g)$,
and the roots of $h$ are those in the intersection of the roots of $f$ and $g$.

(ii) There exists a unique monic and nonzero $h \in \mathbb{F}_q[x; r]$ of minimal degree,
and $u, v \in \mathbb{F}_q[x; r]$, such that $h = u \circ f$ and $h = v \circ g$, called the least
common left composition (lclc) of $f$, $g$. The roots of $h$ are the $\mathbb{F}_r$-vector
space sum of the roots of $f$ and $g$; this sum is direct if $\mathrm{gcrc}(f, g) = 1$.

In fact, there is an efficient Euclidean-like algorithm for computing the
lclc and gcrc; see Ore (1933), and Giesbrecht (1998) for an analysis.

The main theorem counting the number of decompositions can now be
shown. It is equivalent to counting the number of times each case in
Theorem 3.9 occurs.

Theorem 5.2. Let $r$ be a prime power and $q$ a power of $r$. For $i \in \mathbb{N}$ let

$$C_{q,r,m,i} = \{ (a, b) \in \mathbb{F}_q^2 : x^{r^m} + a x^r + bx \text{ has a maximal } i\text{-collision in } \mathbb{F}_q[x; r] \}, \qquad (5.3)$$

$$c_{q,r,m,i} = \# C_{q,r,m,i}, \qquad (5.4)$$

and drop $q, r, m$ from the notation. The following holds:

Case 0: $C_0$ is the set of all $f \in \mathbb{F}_q[x; r]$ of degree $r^2$ whose minimal central
left compositions $f^* \in \mathbb{F}_r[x; q]$ have degree $q^2$ and cannot be written as
$f^* = g^* \circ h^*$ for $g^*, h^* \in \mathbb{F}_r[x; q]$ of degree $q$, or equivalently that the
image $\tau(f^*) \in \mathbb{F}_r[y]$ of $f^*$ is irreducible of degree 2. We have

$$c_0 = \frac{r(q^2 - 1)}{2(r + 1)}.$$

Case 1: $C_1$ is the set of all $f \in \mathbb{F}_q[x; r]$ of degree $r^2$ with minimal central left
composition $f^* = g^* \circ g^*$ for $g^* = x^q - cx$ for $c \in \mathbb{F}_r^\times$, and

$$c_1 = \frac{q^2 - q}{r} + 1.$$

Case 2: $C_2$ is the set of all $f \in \mathbb{F}_q[x; r]$ with minimal central left composition
$f^* = g^* \circ h^*$ for $g^*, h^* \in \mathbb{F}_r[x; q]$ of degree $q$ with $\gcd(g^*, h^*) = 1$, and



^ 2(r-l) ^ 



Case r+1: Cr+i is the set of all f G Fg[a;;r] of degree r^ with minimal 
central left composition f* = x'^ + ex, for c G F,,^, and 

_ (g-l)(g-r) 
r^v^ — 1) 

Since Cq + Ci + C2 + c^+i = q^ , these are the only possible numbers of collisions 
of a degree r^ polynomial in Fg[x; r]. 

Proof. 



Case 0: The number of irreducible polynomials in Fr[|/] of degree 2 is (r 



2 



r)/2 (see Lidl &; Niederreiter (1983)). Each polynomial /* G Fr[a;;g] of 
degree r^"* has r^"^ — 1 nonzero roots, and hence has (r^™ — l)/(r^ — 1) 
components in Fg[x; r] of degree r 



2 



Case 1: Each such $f$ arises as a right component of degree $r^2$ of an $f^* = g^* \circ g^* \in \mathbb{F}_r[x;q]$, for $g^* = x^q + cx \in \mathbb{F}_r[x;q]$, which is not a right component of $f^*$. The number of roots of $g^* \circ g^*$ which are not roots of $g^*$ is $q^2 - q$. Each of these roots belongs to a polynomial $f \in \mathbb{F}_q[x;r]$ of degree $r^2$, and each such $f$ has $r^2 - r$ such roots which belong to that $f$ (the other roots belong to a right component of degree $r$). Thus there are $(q^2 - q)/(r^2 - r)$ polynomials in $\mathbb{F}_q[x;r]$ of degree $r^2$ whose minimal central left composition is $f^*$. There are $r - 1$ polynomials $f^*$ of this form so there are $(q^2 - q)/r$ polynomials $f \in \mathbb{F}_q[x;r]$ with a unique decomposition.

Case 2: We consider the case of polynomials with 2-collisions, and thus whose minimal central left compositions have the form $f^* = g^* \circ h^*$, for $g^*, h^* \in \mathbb{F}_r[x;q]$, with $\gcd(g^*, h^*) = 1$.

Each such $f \in \mathbb{F}_q[x;r]$ has minimal central left composition $f^* = g^* \circ h^* \in \mathbb{F}_r[x;q]$, for $g^*, h^* \in \mathbb{F}_r[x;q]$ of degree $q$, with $\gcd(g^*, h^*) = 1$. Thus we can construct an $f$ with the desired properties by choosing a root $u$ of $g^*$ and a root $v$ of $h^*$ and finding the $f \in \mathbb{F}_q[x;r]$ which has both $u$ and $v$ as roots (this corresponds to finding the $g, h \in \mathbb{F}_q[x;r]$ to which $u, v$ belong respectively, and letting $f = \mathrm{lclc}(g, h)$). Each of $g^*, h^*$ has $(q - 1)/(r - 1)$ right components of degree $r$, so for each choice of $g^*, h^*$ we have $(q - 1)^2/(r - 1)^2$ polynomials $f \in \mathbb{F}_q[x;r]$ with the desired properties. There are $\binom{r-1}{2} = (r - 1)(r - 2)/2$ distinct pairs of $g^*, h^*$ with nonzero constant coefficient.

Case r+1: In this case the minimal central left composition of $f$ is $f^* = x^q - cx$ for some $c \in \mathbb{F}_r^\times$. Thus, $\tau(f^*) = y - c \in \mathbb{F}_r[y]$ is the minimal polynomial of the Frobenius automorphism $\sigma_q$ on $V_{f^*}$, the $\mathbb{F}_r$-vector space of $f^*$, and all subspaces of $V_{f^*}$ are invariant under $\sigma_q$. Hence each subspace is exactly the set of roots of a polynomial in $\mathbb{F}_q[x;r]$. The number of right components $h \in \mathbb{F}_q[x;r]$ of $f^*$ of degree $r^2$ is the number of 2-dimensional subspaces of $V_{f^*}$. The number of linearly independent pairs of vectors in $V_{f^*}$ is $(q - 1)(q - r)$. This is the number of all bases for all vector spaces of dimension 2. Each 2-dimensional vector space has $(r^2 - 1)(r^2 - r)$ bases. Thus $f^*$ has

$$\frac{(q-1)(q-r)}{r(r-1)^2(r+1)}$$

right components of degree $r^2$. There are $(r - 1)$ polynomials $f^*$ of the form $x^q - cx$ for $c \in \mathbb{F}_r^\times$. □

We note that the proof is constructive and shows how to (efficiently) generate polynomials in $\mathbb{F}_q[x;r]$ of degree $r^2$ with a prescribed number of collisions. In each case, the number of collisions of an $f \in \mathbb{F}_q[x;r]$ is determined by the factorization of its minimal central left composition $f^*$ in $\mathbb{F}_r[x;q]$. Here $\deg \tau(f^*) \in \{1, 2\}$, and we can enumerate all such $f^*$ in each class (irreducible linear, irreducible quadratic, perfect square, or product of distinct linear factors). We can decompose each such $f^*$ using the algorithms of Giesbrecht (1998) to generate polynomials with a prescribed number of collisions.

We show now how to construct indecomposable additive polynomials of 
prescribed degree, and count their number. We also show how to construct 
additive polynomials with a single, unique complete decomposition and count 
the number of such polynomials. 

The following theorem characterizes indecomposable polynomials of degree 
r^ in terms of their minimal central left compositions. This theorem allows 
us to get hold of degree r right components from the roots of t(/*) in F^. 



Theorem 5.5 (Giesbrecht 1998, Theorem 4.3). Let $f^* \in \mathbb{F}_r[x;q]$ have degree $q^i$, such that $\tau(f^*) \in \mathbb{F}_r[y]$ is irreducible (of degree $i$). Then every indecomposable right component $f \in \mathbb{F}_q[x;r]$ of $f^*$ has degree $r^i$. Conversely, all $f \in \mathbb{F}_q[x;r]$ which are indecomposable of degree $r^i$ are such that $\tau(f^*) \in \mathbb{F}_r[y]$ is irreducible of degree $i$, where $f^* \in \mathbb{F}_r[x;q]$ is the minimal central left composition of $f$.



The following bound has been shown in Odoni (1999). Our methods here provide a simple proof. Let

$$I_r(n) = \frac{1}{n} \sum_{d \mid n} \mu(n/d)\, r^d$$

be the number of monic irreducible polynomials in $\mathbb{F}_r[y]$ of degree $n$ (see, e.g., Lidl & Niederreiter (1983), Theorem 3.25).



Theorem 5.6. Let $q$ be a power of $r$. The number of monic indecomposable polynomials $f \in \mathbb{F}_q[x;r]$ of degree $r^n$ is

$$\frac{q^n - 1}{r^n - 1} \, I_r(n).$$



Proof. By Theorem 5.5 all such polynomials are right components of polynomials $f^* \in \mathbb{F}_r[x;q]$ of degree $q^n$, where $\tau(f^*) \in \mathbb{F}_r[y]$ is irreducible (of degree $n$). Any such $f^*$ has $(q^n - 1)/(r^n - 1)$ indecomposable right components in $\mathbb{F}_q[x;r]$, all of degree $r^n$. There are $I_r(n)$ irreducible polynomials of degree $n$ in $\mathbb{F}_r[y]$. □

Note that this implies there are (slightly) more indecomposable additive polynomials of degree $r^n$ in $\mathbb{F}_q[x;r]$ than irreducible polynomials of degree $n$ in $\mathbb{F}_q[y]$.

The above theorem also yields a reduction from the problem of finding indecomposable polynomials in $\mathbb{F}_q[x;r]$ of prescribed degree to that of decomposing polynomials in $\mathbb{F}_q[x;r]$. A fast randomized algorithm for decomposing additive polynomials is shown in Giesbrecht (1998), which requires a number of operations bounded above by $(n + m + \log r)^{O(1)}$. Thus, we can just choose a random polynomial in $\mathbb{F}_q[x;r]$ of prescribed degree and check if it is irreducible, with a high expectation of success. A somewhat slower polynomial-time reduction from decomposing additive polynomials in $\mathbb{F}_q[x;r]$ to factoring in $\mathbb{F}_r[y]$ is also given in Giesbrecht (1998). This suggests the interesting question as to whether one can find indecomposable polynomials in $\mathbb{F}_q[x;r]$ of prescribed degree $n$ in deterministic polynomial-time, assuming the ERH (à la Adleman & Lenstra (1986)).



We finish this section by establishing connections to the counts of Bluher (2004b) and von zur Gathen (2009a).

We have a prime $p$, integers $d$, $e$, and $m$ with $d$ dividing $e$, $r = p^d$, $q = p^e$, set $\varphi_{r,m} = (r^m - 1)/(r - 1)$ and for $a, b \in \mathbb{F}_q$ and $0 \le i \le \varphi_{r,m}$

$$\Psi_m^{(a,b)} = x^{\varphi_{r,m}} + ax + b.$$



This yields an equivalent description of $C_{q,r,m,i}$ by Proposition 3.3 as

$$C_{q,r,m,i} = \{(a, b) \in \mathbb{F}_q^2 : \Psi_m^{(a,b)} \text{ has exactly } i \text{ roots in } \mathbb{F}_q\}. \qquad (5.7)$$



Section 3 says that 



a 



q,r,m,i 



^ 



ieS, 



q,r,m 



and Sg^r,m is determined in Theorem 3.7 Furthermore, let 



C. 



(1) 

q,r,rn,i 
q,r,m,i 



{(a, 6) G Cg,^,m,j: & 7^ 0}, 
{(a, 6) G Cg,^,„,i: a^T^O}, 



and Cql^rn,i — i^^q,r,m,i f*^^ J = 1' 2. Leaving out the indices, we have 
(g(2) ^ (^(1) ^ (g^ ^]^ Q gg^ (^(1) occurs naturally in general decompositions 
(Proposition 6.8 (iii) for r = p), and C*^^^ is the subject of Bluherj (2004b). 



For an integer $m \ge 1$, let

$$\gamma_{q,r,m} = \gcd(\varphi_{r,m}, q - 1).$$



Proposition 5.8. We fix $q, r, m$ as above and drop them from the notation of $C_{q,r,m,i}$ and $c_{q,r,m,i}$.

(i) We have $C_i = C_i^{(1)}$ for all $i \notin \{1, \gamma_{m-1} + 1\}$, and

$$C_1 \setminus C_1^{(1)} = \{(a, 0) : (-a)^{(q-1)/\gamma_{m-1}} \ne 1\},$$

$$C_{\gamma_{m-1}+1} \setminus C_{\gamma_{m-1}+1}^{(1)} = \{(a, 0) : (-a)^{(q-1)/\gamma_{m-1}} = 1\},$$

$$c_1 = c_1^{(1)} + (q - 1)(1 - \gamma_{q,r,m-1}^{-1}) + 1,$$

$$c_{\gamma_{m-1}+1} = c_{\gamma_{m-1}+1}^{(1)} + (q - 1)\gamma_{q,r,m-1}^{-1}.$$

(ii) We have $C_i^{(1)} = C_i^{(2)}$ for all $i \notin \{0, \gamma_m\}$, and

$$C_0^{(1)} \setminus C_0^{(2)} = \{(0, b) : (-b)^{(q-1)/\gamma_m} \ne 1\},$$

$$C_{\gamma_m}^{(1)} \setminus C_{\gamma_m}^{(2)} = \{(0, b) : (-b)^{(q-1)/\gamma_m} = 1\},$$

$$c_0^{(1)} = c_0^{(2)} + (q - 1)(1 - \gamma_{q,r,m}^{-1}),$$

$$c_{\gamma_m}^{(1)} = c_{\gamma_m}^{(2)} + (q - 1)\gamma_{q,r,m}^{-1}.$$

Proof. (i) Let $i \in S_{q,r,m}$ and $(a, 0) \in C_i \setminus C_i^{(1)}$ be arbitrary. Then $\Psi_m^{(a,0)} = x^{\varphi_{r,m}} + ax = x(x^{r\varphi_{r,m-1}} + a)$. Now 0 is a root, and for $a = 0$ it is the only one. This places $(0, 0)$ into $C_1 \setminus C_1^{(1)}$, and we may now assume $a \ne 0$. Now let $t_0$ be a nonzero root of $\Psi_m^{(a,0)}$ and $t = t_0^r$. Then $t^{\varphi_{r,m-1}} = -a$.

Dropping the indices, we have $\varphi = \gamma \cdot (\varphi/\gamma)$ from (5.7). The power map $\pi_\gamma \colon w \mapsto w^\gamma$ on $\mathbb{F}_q^\times$ maps $\gamma$ elements to one, since $\gamma \mid (q - 1)$. Thus $\operatorname{im} \pi_\gamma$ is a group of order $(q - 1)/\gamma$, and $\gcd(\varphi/\gamma, (q - 1)/\gamma) = 1$. Thus the $(\varphi/\gamma)$th power acts bijectively on this group, and $\operatorname{im} \pi_\varphi = \operatorname{im} \pi_\gamma$. If there is one $t$ with $t^\varphi = -a$, then there are exactly $\gamma$ many. Furthermore, we have

$$-a \in \operatorname{im} \pi_\varphi = \operatorname{im} \pi_\gamma \iff (-a)^{(q-1)/\gamma} = 1.$$

Together with the fact that the $r$th power acts bijectively on $\mathbb{F}_q$, this shows that if $\Psi_m^{(a,0)}$ has at least one nonzero root, then it has exactly $\gamma$ roots. Adding in the root 0 shows the claims in (i).

(ii) Let $(0, b) \in \mathbb{F}_q^2$ with $b \ne 0$ be an arbitrary element of $C^{(1)} \setminus C^{(2)}$. Then $\Psi_m^{(0,b)} = x^{\varphi_{r,m}} + b$. Now 0 is not a root, but otherwise the argument for (i) applies mutatis mutandis. □



We note that Theorem 5.2 is also counting the number of possible solutions to the equations $y^{r+1} + ay + b$, as in Bluher's (2004) work. For $m = 2$, (3.2) is equivalent to $h_0^{r+1} + a h_0 + b = 0$, so we are counting the number of $h_0 \in \mathbb{F}_q$, $q = r^d$ satisfying $y^{r+1} + ay + b = 0$. The comparison with Bluher's work is interesting because she does not consider the case $a = 0$ or $b = 0$ and because her work has multiple cases depending on whether $d$ is even or odd and whether $m$ is even or odd, whereas our counts have no such special cases. The result in the (relatively straightforward) case $a = 0$ is consistent with the more general Lemma 5.9 of von zur Gathen (2008), where $q$ is not required to be a power of $r$, but merely of $p$.

We now state as a corollary a result equivalent to that of Bluher (2004b) (at least over $\mathbb{F}_q$, when $q = r^d$).

Corollary 5.9. Let $r$ be a prime power, $d$ a positive integer and $q = r^d$. Then

CgJ.2,i — K*^' b) ^^q • ^'" + (^^^ + ^^ h^^ '^'^ i-collision}, 

Cg r2i ~ ^ /'^^ ^ ^ {0' 1) 2, r + 1}, and the following holds: 






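(i) If $d$ is even, then

$$[c_0^{(2)}, c_1^{(2)}, c_2^{(2)}, c_{r+1}^{(2)}] = \left[ \frac{r(q-1)^2}{2(r+1)},\ \frac{q(q-1)}{r},\ \frac{(q-1)^2(r-2)}{2(r-1)},\ \frac{(q-1)(q-r^2)}{r(r^2-1)} \right].$$

(ii) If $r$ is odd and $d$ is odd, then

$$[c_0^{(2)}, c_1^{(2)}, c_2^{(2)}, c_{r+1}^{(2)}] = \left[ \frac{(qr-1)(q-1)}{2(r+1)},\ \frac{q(q-1)}{r},\ \frac{(q-1)(qr-2q-2r+3)}{2(r-1)},\ \frac{(q-r)(q-1)}{r(r^2-1)} \right]. \qquad (5.10)$$

(iii) If $r$ is even and $d$ is odd, then

$$[c_0^{(2)}, c_1^{(2)}, c_2^{(2)}, c_{r+1}^{(2)}] = \left[ \frac{r(q^2-1)}{2(r+1)},\ \frac{(q-1)(q-r)}{r},\ \frac{(q-1)^2(r-2)}{2(r-1)},\ \frac{(q-r)(q-1)}{r(r^2-1)} \right]. \qquad (5.11)$$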



We note that each of these counts is $q - 1$ times the corresponding count of Bluher (2004b, Theorem 5.6), which projects down to a single parameter family. We also note that the constructive nature of our proofs allows us to build polynomials prescribed to be in any of these decomposition classes. This follows in the same manner as in the degree $r^2$ case (see the discussion following Theorem 5.2). We generate elements of $\mathbb{F}_r[x;q]$ with the desired factorization pattern (which determines the number of collisions) and decompose these over $\mathbb{F}_q[x;r]$ using the algorithms of Giesbrecht (1998).

6 General compositions of degree $r^2$

The previous sections provide a good understanding of composition collisions 
for additive polynomials. We now move on to general polynomials. This 
section provides some explicit non-additive collisions. 

Example 6.1. We consider $\mathbb{F}_{27} = \mathbb{F}_3[y]/(m)$, with $m = y^3 - y + 1$, take $r = p = 3$, $u = 1$, and let

$$T = \{-1,\ -y^2,\ -y^2 - y - 1,\ -y^2 + y - 1\}$$

consist of the $r + 1$ roots of $t^{r+1} - ut + u$. We obtain for

$$f = x^9 + x^6 - x^5 + x^3 + x^2 + x$$

the following 4-collision of monic original polynomials:

$$\begin{aligned}
f &= (x^3 - x^2 + x) \circ (x^3 - x^2 + x) \\
&= (x^3 + (y^2 + y - 1)x^2 - (y + 1)x) \circ (x^3 - y^2 x^2 + (y^2 - y)x) \\
&= (x^3 + (y^2 - y - 1)x^2 - yx) \circ (x^3 - (y^2 + y + 1)x^2 + (y^2 - 1)x) \\
&= (x^3 + (y^2 + 1)x^2 + (-y + 1)x) \circ (x^3 - (y^2 - y + 1)x^2 + (y^2 + y)x).
\end{aligned}$$

For any $f = \sum_i f_i x^i \in \mathbb{F}_q[x]$, we call $\deg_2 f = \deg(f - \mathrm{lc}(f)x^{\deg f})$ the second-degree of $f$, with $\deg_2 f = -\infty$ for monomials and zero. Furthermore, $f = g + O(x^k)$ with a polynomial $g \in \mathbb{F}_q[x]$ and an integer $k$, if $\deg(f - g) \le k$.

Theorem 6.2. Let $q$ and $r$ be powers of $p$, $\varepsilon \in \{0, 1\}$, $u, s \in \mathbb{F}_q^\times$, $t \in T = \{t \in \mathbb{F}_q : t^{r+1} - \varepsilon u t + u = 0\}$, $\ell$ a positive divisor of $r - 1$, $m = (r - 1)/\ell$, and

$$\begin{aligned}
f &= F(\varepsilon, u, \ell, s) = x(x^{\ell(r+1)} - \varepsilon u s^r x^\ell + u s^{r+1})^m, \\
g &= G(u, \ell, s, t) = x(x^\ell - u s^r t^{-1})^m, \\
h &= H(\ell, s, t) = x(x^\ell - st)^m,
\end{aligned}$$

all in $\mathbb{F}_q[x]$. Then

$$f = g \circ h,$$

and $f$ is a $\#T$-collision.

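Proof. From $u \ne 0$ follows $t \ne 0$, so that $g$ is well-defined. We find

$$\begin{aligned}
g \circ h &= x(x^\ell - st)^m \left( x^\ell (x^\ell - st)^{\ell m} - u s^r t^{-1} \right)^m \\
&= x\left( (x^\ell - st)^r x^\ell - (x^\ell - st)\, u s^r t^{-1} \right)^m \\
&= x\left( x^{\ell(r+1)} - s^r (t^r + u t^{-1}) x^\ell + u s^{r+1} \right)^m \\
&= x\left( x^{\ell(r+1)} - \varepsilon u s^r x^\ell + u s^{r+1} \right)^m = f.
\end{aligned}$$

Note that $f$ is independent of $t$. We have different coefficients

$$g_{r-\ell} = -m u s^r t^{-1} \ne 0,$$

$$h_{r-\ell} = -m s t \ne 0,$$

for different values of $t$, and therefore $\#T$ pairwise distinct decompositions of $f$. □

The polynomials described are additive if $\ell = r - 1$. If $\ell < r - 1$, $r - \ell$ is not a power of $r$ and $g_{r-\ell} \ne 0$, so that $g$ and $f$ are not additive.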
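The construction of Theorem 6.2 can be checked by machine. The following is an added example, not code from the paper: it builds $\mathbb{F}_{27}$ with the modulus of Example 6.1, forms $F$, $G$, $H$ for every $t \in T$, and confirms that all pairs are distinct and compose to the same $f$. All function names are this example's own.

```python
from functools import reduce
from itertools import product

# F_27 = F_3[y]/(y^3 - y + 1) as in Example 6.1. Field elements are coefficient
# tuples (c0, c1, c2); MOD lists the modulus coefficients low to high.
P, MOD, K = 3, (1, 2, 0, 1), 3
ZERO, ONE = (0,) * K, (1,) + (0,) * (K - 1)
FIELD = list(product(range(P), repeat=K))

def f_add(a, b):
    return tuple((x + y) % P for x, y in zip(a, b))

def f_neg(a):
    return tuple(-x % P for x in a)

def f_mul(a, b):
    prod = [0] * (2 * K - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            prod[i + j] = (prod[i + j] + x * y) % P
    for d in range(2 * K - 2, K - 1, -1):        # reduce modulo the monic MOD
        c = prod[d]
        for j in range(K + 1):
            prod[d - K + j] = (prod[d - K + j] - c * MOD[j]) % P
    return tuple(prod[:K])

def f_pow(a, n):
    return reduce(f_mul, [a] * n, ONE)

def p_mul(u, v):                                 # coefficient lists, low to high
    out = [ZERO] * (len(u) + len(v) - 1)
    for i, a in enumerate(u):
        for j, b in enumerate(v):
            out[i + j] = f_add(out[i + j], f_mul(a, b))
    return out

def compose(g, h):                               # g o h by Horner's rule
    out = [g[-1]]
    for c in reversed(g[:-1]):
        out = p_mul(out, h)
        out[0] = f_add(out[0], c)
    return out

def x_times_power(terms, m):
    """Coefficients of x * (sum of c * x^d over (d, c) in terms)^m."""
    inner = [ZERO] * (max(d for d, _ in terms) + 1)
    for d, c in terms:
        inner[d] = c
    return [ZERO] + reduce(p_mul, [inner] * m, [ONE])

def theorem_6_2(r, eps, u, ell, s):
    """Return f = F(eps, u, ell, s) and the pair (G, H) for every t in T."""
    m = (r - 1) // ell
    eu = u if eps else ZERO
    us_r = f_mul(u, f_pow(s, r))
    roots = [t for t in FIELD
             if f_add(f_add(f_pow(t, r + 1), f_neg(f_mul(eu, t))), u) == ZERO]
    f = x_times_power([(ell * (r + 1), ONE), (ell, f_neg(f_mul(eu, f_pow(s, r)))),
                       (0, f_mul(us_r, s))], m)
    pairs = []
    for t in roots:
        t_inv = f_pow(t, P**K - 2)
        g = x_times_power([(ell, ONE), (0, f_neg(f_mul(us_r, t_inv)))], m)
        h = x_times_power([(ell, ONE), (0, f_neg(f_mul(s, t)))], m)
        pairs.append((g, h))
    return f, pairs

def is_collision(r, eps, u, ell, s):
    """(ok, #T): ok is True if the pairs are distinct and all compose to f."""
    f, pairs = theorem_6_2(r, eps, u, ell, s)
    distinct = len({tuple(h) for _, h in pairs}) == len(pairs)
    return distinct and all(compose(g, h) == f for g, h in pairs), len(pairs)
```

Calling `is_collision(3, 1, ONE, 1, ONE)` reproduces the 4-collision of Example 6.1; `ell = 2` gives the additive case, and `eps = 0` gives $\#T = \gcd(r + 1, q - 1)$ decompositions.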

If a polynomial $f \in \mathbb{F}_q[x]$ is monic original, then so is $f_{(w)} = (x - f(w)) \circ f \circ (x + w)$ for all $w \in \mathbb{F}_q$. Every decomposition of $f$ induces a decomposition of $f_{(w)}$ as specified below, and all $f_{(w)}$ have the same number of decompositions as $f_{(0)} = f$.

Corollary 6.3. We use the notation of Theorem 6.2, an additional parameter $w \in \mathbb{F}_q$ and set

$$\begin{aligned}
f_{(w)} &= F(\varepsilon, u, \ell, s)_{(w)} = (x - f(w)) \circ F(\varepsilon, u, \ell, s) \circ (x + w), \\
g_{(w)} &= G(u, \ell, s, t)_{(w)} = (x - f(w)) \circ G(u, \ell, s, t) \circ (x + h(w)), \\
h_{(w)} &= H(\ell, s, t)_{(w)} = (x - h(w)) \circ H(\ell, s, t) \circ (x + w).
\end{aligned}$$

Then $f_{(w)} = g_{(w)} \circ h_{(w)}$, all three polynomials are monic original, and $\{(g_{(w)}, h_{(w)}) : t \in T\}$ is a $\#T$-collision.

Among all $F(\varepsilon, u, \ell, s)_{(w)}$, the $F(\varepsilon, u, \ell, s)_{(0)}$ is characterized by the vanishing of the coefficient of $x^{r^2 - \ell r - \ell - 1}$.

Proposition 6.4. Let $q$ and $r$ be powers of $p$. Let $\varepsilon, u, \ell, s, t$ and $\varepsilon^*, u^*, \ell^*, s^*, t^*$ satisfy the conditions of Theorem 6.2, $w, w^* \in \mathbb{F}_q$, $f = F(\varepsilon, u, \ell, s)_{(w)}$, and $f^* = F(\varepsilon^*, u^*, \ell^*, s^*)_{(w^*)}$. The following holds:

(i) If $f = f^*$, then $\varepsilon = \varepsilon^*$ and $\ell = \ell^*$.

(ii) If $\varepsilon = 0$ and $\ell = r - 1$, then $f = F(0, -1, r - 1, st)_{(0)}$ and $f = f^*$ if and only if $(s/s^*)^{r+1} = 1$.

(iii) If $\varepsilon = 0$ and $\ell < r - 1$, then $f = F(0, -1, \ell, st)_{(w)}$ and $f = f^*$ if and only if $w = w^*$ and $(s/s^*)^{r+1} = 1$.

(iv) If $\varepsilon = 1$ and $\ell = r - 1$, then $f = F(1, u, r - 1, s)_{(0)}$ and $f = f^*$ if and only if $u = u^*$ and $s = s^*$.

(v) If $\varepsilon = 1$ and $\ell < r - 1$, then $f = f^*$ if and only if $u = u^*$, $s = s^*$ and $w = w^*$.

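Proof. We have

$$\begin{aligned}
f &= F(\varepsilon, u, \ell, s)_{(w)} \\
&= x\left( x^{\ell(r+1)m} - m \varepsilon u s^r x^{\ell(r+1)(m-1)+\ell} + m u s^{r+1} x^{\ell(r+1)(m-1)} + O(x^{\ell(r+1)(m-2)+2\ell}) \right) \\
&= x^{r^2} - m \varepsilon u s^r x^{r^2 - \ell r} + m u s^{r+1} x^{r^2 - \ell r - \ell} + O(x^{r^2 - 2\ell r}),
\end{aligned}$$

$$f_{r^2 - \ell r} = -m \varepsilon u s^r,$$

$$f_{r^2 - \ell r - \ell} = m u s^{r+1}.$$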
Therefore 

^r^-ir-i if £ = 0.
(6.5)



Furthermore, p\ r — 1 = im, so that p \ i. We have deg2 / = degg f^*^ and 
e = 1 if and only if r divides degj /. For both values of e, deg2 / determines 
i uniquely. This proves ( 



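For $\ell = r - 1$, $f$ is additive and therefore

$$\begin{aligned}
f &= F(\varepsilon, u, r - 1, s)_{(w)} \\
&= (x - F(\varepsilon, u, r - 1, s)(w)) \circ F(\varepsilon, u, r - 1, s)(x) \circ (x + w) \\
&= (x - F(\varepsilon, u, r - 1, s)(w)) \circ (F(\varepsilon, u, r - 1, s)(x) + F(\varepsilon, u, r - 1, s)(w)) \\
&= F(\varepsilon, u, r - 1, s)_{(0)}
\end{aligned}$$

for all $w \in \mathbb{F}_q$.

For $\ell < r - 1$ the coefficient of $x^{r^2 - \ell r - \ell - 1}$ in $F(\varepsilon, u, \ell, s)_{(w)}$ equals

$$F(\varepsilon, u, \ell, s)_{r^2 - \ell r - \ell - 1} + w(r^2 - \ell r - \ell)\, m u s^{r+1},$$

and $(r^2 - \ell r - \ell)\, m u s^{r+1} \ne 0$. Therefore, $F(\varepsilon, u, \ell, s)_{(w)} = F(\varepsilon, u, \ell, s)_{(w^*)}$ if and only if $w = w^*$.

For $\varepsilon = 1$, we find from (6.5) that $s = -f_{r^2 - \ell r - \ell}/f_{r^2 - \ell r}$ and $u = f_{r^2 - \ell r}/(-m s^r)$ depend only on $f$.

For $\varepsilon = 0$, we have $t^{r+1} = -u$ and

$$F(0, u, \ell, s)_{(w)} = \left( x(x^{\ell(r+1)} - (st)^{r+1})^m \right)_{(w)} = F(0, -1, \ell, st)_{(w)}.$$

Consider $F(0, -1, \ell, s)_{(w)} = F(0, -1, \ell, s^*)_{(w)}$, divide by $x$, extract $m$th roots and find by coefficient comparison $s^{r+1} = s^{*\,r+1}$.

Combining the observations for $\ell = r - 1$, $\ell < r - 1$ and $\varepsilon = 0$, $\varepsilon = 1$, respectively proves the claims for the four cases (ii)-(v). □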



Corollary 6.6. Let $p, q, r$ be as in Theorem 6.2, $\gamma = \gcd(r + 1, q - 1)$, $i \in \{2, r + 1\}$, and $N_i$ the number of $i$-collisions of the form described in Corollary 6.3. Then

$$N_i = (1 - q + q \cdot d(r - 1)) \left( c^{(2)}_{q,r,2,i} + \delta_{\gamma,i} \cdot \frac{q - 1}{\gamma} \right),$$

where $d(r - 1)$ is the number of divisors of $r - 1$, $\delta_{i,j}$ is Kronecker's delta, and $c^{(2)}_{q,r,2,i}$ are determined in Corollary 5.9.



Proof. For $\varepsilon = 0$, $f$ is an $i$-collision only if $y^{r+1} = 1$ has exactly $i$ solutions, according to Proposition 6.4 (ii) and (iii). Generally, this equation has exactly $\gamma = \gcd(r + 1, q - 1)$ solutions in $\mathbb{F}_q$. Furthermore there are $(q - 1)/\gamma$ values for $s \in \mathbb{F}_q^\times$ which yield pairwise different $s^{r+1}$. The number of $i$-collisions of the form described in (ii) is therefore $\delta_{\gamma,i} \cdot (q - 1)/\gamma$, and of the form described in (iii) $\delta_{\gamma,i}\, q (d(r - 1) - 1)(q - 1)/\gamma$, taking into account the $(d(r - 1) - 1)$ possible divisors $\ell$ and $q$ choices for $w$.

For $\varepsilon = 1$, we have to consider $u$ such that $y^{r+1} - uy + u \in \mathbb{F}_q[y]$ has exactly $i$ roots. Let $a, b \in \mathbb{F}_q^\times$ and $u = a^{r+1} b^{-r}$. The invertible transformation $x \mapsto y = -a b^{-1} x$ gives a bijection

$$\{t \in \mathbb{F}_q : t^{r+1} - ut + u = 0\} \leftrightarrow \{\tau \in \mathbb{F}_q : \tau^{r+1} + a\tau + b = 0\}.$$

Every value of $u$ corresponds to exactly $q - 1$ pairs $(a, b)$, namely an arbitrary $a \in \mathbb{F}_q^\times$ and $b$ uniquely determined as $b^r = u^{-1} a^{r+1}$. Proposition 3.3 and the definition of $c^{(2)}_{q,r,2,i}$ yield $c^{(2)}_{q,r,2,i}/(q - 1)$ values for $u$. Therefore the number of $i$-collisions is $c^{(2)}_{q,r,2,i}$ for the form described in (iv) and $c^{(2)}_{q,r,2,i}\, q (d(r - 1) - 1)$ for the form described in (v). □



Von zur Gathen (2008), Lemma 3.29, determines $\gcd(r + 1, q - 1)$ explicitly.

Conjecture 6.7. Any maximal $i$-collision with $i \ge 2$ at degree $p^2$ is either a Frobenius collision or of the form described in Corollary 6.3.



The conjecture has been experimentally verified for g < 9 using Sage. 

There are $q^{p-1}$ Frobenius collisions and all but $x^{p^2} = x^p \circ x^p$ are maximal 2-collisions. The number of maximal $i$-collisions with $i \ge 2$ is therefore bounded from below by

$$N_2 + N_{r+1} + q^{p-1} - 1.$$

The conjecture claims that this is also an upper bound.

In the following, we present partial results on this conjecture, concentrating 
on the simplest case r = p. We also give an upper bound on the number of 
decompositions a single polynomial can have in the case of degree p"^. No 
nontrivial estimate seems to be in the literature. 

Proposition 6.8. Let $C$ be a non-Frobenius $i$-collision over $\mathbb{F}_q$ with $i \ge 2$ at degree $p^2$. There is an integer $k$ with $1 \le k < p$ and the following properties for all $(g, h) \in C$.

(i) $\deg_2(g) = \deg_2(h) = k$.

(ii) For all $(g^*, h^*) \in C$ with $(g, h) \ne (g^*, h^*)$, we have $g_k \ne g_k^*$ and $h_k \ne h_k^*$.

(iii) Set $a = -f_{kp}$ and $b = k^{-1} f_{kp-p+k}$. Then $b h_k \ne 0$, and

$$h_k^{p+1} + a h_k + b = 0, \qquad (6.9)$$

$$g_k = -a - h_k^p = b h_k^{-1}. \qquad (6.10)$$

(iv) $i \le p + 1$.
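Proof. We write

$$\begin{aligned}
g &= x^p + g_\ell x^\ell + \cdots + g_1 x, \\
h &= x^p + h_m x^m + \cdots + h_1 x, \\
f &= g \circ h = x^{p^2} + f_{p^2-1} x^{p^2-1} + \cdots + f_1 x,
\end{aligned}$$

with all $f_i, g_i, h_i \in \mathbb{F}_q$, $1 \le \ell, m < p$ and $g_\ell h_m \ne 0$. For $u, v \in \mathbb{F}_q[x]$ and $e \in \mathbb{N}$, we write $u = v + O(x^e)$ if $\deg(u - v) \le e$. Similarly, $(O(x^e))^p$ indicates a polynomial $w$ with $\deg w \le e$ such that $u = v + w^p$.

The highest terms in $h^\ell$ and $g \circ h$ are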



X'^ 



+ K.x^'' + {0{x^-^)Y + (7,x^P + £^,/i™a;( 



-l)p+m 



0{x 



{i-l)p+m~l\ 



+ 0{x 



(£-l)p^ 



(6.11) 



Thus the highest term $f_i x^i$ in $f$ with $f_i \ne 0$ and $p \nmid i$ occurs for $i = (\ell - 1)p + m$. Since $1 \le \ell, m < p$, $(\ell, m)$ is determined by $f$ and identical for all $(g, h) \in C$.

Algorithm 4.9 of von zur Gathen (2009b) computes the components $g$ and $h$ from $f$, provided that $h_{p-1} \ne 0$. We do not assume this, but can apply the same method. Once $g_\ell$ and $h_m$ are determined, the remaining coefficients first of $h$, then of $g$, are computed by solving a linear equation of the form $u h_i = v$, where $u$ and $v$ are known at that point, and $u \ne 0$. Quite generally, $g$ is determined by $f$ and $h$. Now take some $(g^*, h^*) \in C$. If $(g_\ell, h_m) = (g_\ell^*, h_m^*)$, then $(g, h) = (g^*, h^*)$ by the uniqueness of the procedure just sketched. Inspection of the coefficient of $x^{(\ell-1)p+m}$ in (6.11) shows that $g_\ell = g_\ell^*$ if and only if $h_m = h_m^*$. Furthermore, $\deg_2(g \circ h)$ is either $mp$ or $\ell p$. If these two integers are distinct, then either $h_m^p$ (and hence $h_m$) is determined by $f$, namely if $m > \ell$, and otherwise $g_\ell$ is. In either case, we can conclude from the above that $(g, h) = (g^*, h^*)$. Since $(g, h) \ne (g^*, h^*)$ this shows $\ell = m$, and
(i) and |(ii) for k 



For (iii), we find from (6.11),

$$f_{kp} = h_k^p + g_k,$$

$$f_{kp-p+k} = k g_k h_k = k h_k (f_{kp} - h_k^p) = -k h_k^{p+1} + k f_{kp} h_k.$$

The $i$ distinct (see (ii)) values $h_k$ are solutions to a degree $p + 1$ equation in $h_k$. This proves (iv). □

We have $k = 1$ for additive polynomials, and $k = r - \ell$ in Theorem 6.2.

Proposition 6.12. Let $C$ be a non-Frobenius $i$-collision over $\mathbb{F}_q$ with $i \ge 2$ at degree $p^2$, and $k$ the integer defined in Proposition 6.8. Then $k = 1$ or $k > p/2$.

Proof. We expand $h^k$ some further

$$\begin{aligned}
h^k &= (x^p + h_k x^k + h_{k-1} x^{k-1} + \cdots + h_1 x)^k \\
&= x^{kp} + k x^{p(k-1)} (h_k x^k + \cdots + h_1 x) \\
&\quad + \binom{k}{2} x^{p(k-2)} (h_k x^k + \cdots + h_1 x)^2 + O(x^{p(k-3)+3k}).
\end{aligned}$$

The coefficient of $x^{kp-2p+2k}$ is $\binom{k}{2} h_k^2$ from the last line, plus $k h_i$ if $kp - p + i = kp - 2p + 2k$ from the previous line. The latter means $i = 2k - p$. Now assume that $k < p/2$. Then $i < 0$, so that only the last line contributes. No other summand in $g \circ h$ contributes to the coefficient of $x^{kp-2p+2k}$ in $f$, and therefore


jkp—p+k — kgkh 



k, 



^^''-^^y-'fk 



fkp-2p+2k — 9k\ ^jhk — i ]k fkp-p+khk. 



The binomial coefficient and $f_{kp-p+k}$ are nonzero, and it follows that $h_k$ has the same value for all $(g, h) \in C$. By Proposition 6.8 (ii), this is false. □

This shows that there are no collisions at degree $p^2$ with $k = 2$ if $p > 3$ nor with $k = 3$ if $p > 5$.

7 Conclusion and open questions 

We have presented composition collisions with component degrees (r, r) for 
polynomials $f$ of degree $r^2$, and observed a fascinating interplay between
these examples — quite distinct in the additive and the /j.2_^_i ^ cases — and 
Abhyankar's projective polynomials and Bluher's statistics on their roots.

Furthermore, we showed that our examples comprise all possibilities in the additive case, and provided large classes of examples in general. Showing the completeness of our examples in the general case is the main challenge left open here as Conjecture 6.7.



Generalizations go in two directions. One is degree $r^k$ for $k \ge 3$. Additive polynomials are of special interest here, and the rational normal form of the Frobenius automorphism will play a major role. For general polynomials, the



approximate counting problem is solved in von zur Gathen ( 2009b ) with a 
relative error of about q~^, and it is desirable to reduce this, say to g"*""^^. 

The second direction is to look at degree ar'^ with r \ a. Now there are no 
additive polynomials, but for approximate counting, the best known relative 
error can be as large as 1. It would be interesting to also push this below g~^, 
or even g"^"*"^. 

In some sections, we assume the field size $q$ to be a power of the parameter $r$. As in Bluher's (2004) work, our methods go through for the general situation, where $q$ and $r$ are independent powers of the characteristic.

With respect to additive polynomials, a more thorough computational
investigation of projective polynomials is warranted. Automatic generation
of Bluher-like equations for higher degree projective polynomials should be
possible, as would be a more exact understanding of their possible collision
numbers.